Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
ademant
/
fw_limit
Pridať medzi pozorované 1
Hviezda 0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Branch: master
Branche Tagy
fw_limit
/
custom_rules_init.sh

custom_rules_init.sh 2.1 KB
Permanentný odkaz História Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 
  1. #!/bin/sh
    2. 

  2. ACTDIR=$(dirname "$0")
    3. 

  3. KIDS_IP="172.24.42.100-172.24.42.110"
    4. 

  4. KIDS_MAC="00:e0:53:13:1b:f1 88:79:7e:f7:05:60 d0:04:01:9f:b4:09"
    5. 

  5. 

  6. FOR_OUT_KIDS="forwarding_lan_rules_kids"
    7. 

  7. FOR_OUT_GAMES="forwarding_lan_rules_games"
    8. 

  8. FOR_IN_KIDS="forwarding_wan_rules_kids"
    9. 

  9. YOUTUBE="forwarding_wan_rules_youtube"
    10. 

  10. 

  11. iptables -N ${FOR_OUT_KIDS}
    12. 

  12. iptables -I ${FOR_OUT_GAMES} -m limit --limit 1/min -j LOG --log-prefix "Surfing kid: "
    13. 

  13. iptables -A ${FOR_OUT_KIDS} -j DROP
    14. 

  14. 

  15. iptables -N ${FOR_OUT_GAMES}
    16. 

  16. iptables -I ${FOR_OUT_GAMES} -m limit --limit 1/min -j LOG --log-prefix "Playing kid: "
    17. 

  17. iptables -A ${FOR_OUT_GAMES} -j DROP
    18. 

  18. 

  19. iptables -N ${FOR_IN_KIDS}
    20. 

  20. iptables -A ${FOR_IN_KIDS} -j DROP
    21. 

  21. 

  22. iptables -N ${YOUTUBE}
    23. 

  23. iptables -A ${YOUTUBE} -j DROP
    24. 

  24. 

  25. # Time restriction for games
    26. 

  26. iptables -I ${FOR_OUT_GAMES} 1 -m time --timestart 14:00 --timestop 21:00 --weekdays Mon,Tue,Wed,Thu,Sun -j ACCEPT
    27. 

  27. iptables -I ${FOR_OUT_GAMES} 1 -m time --timestart 08:00 --timestop 23:00 --weekdays Sat -j ACCEPT
    28. 

  28. iptables -I ${FOR_OUT_GAMES} 1 -m time --timestart 12:00 --timestop 23:00 --weekdays Fri -j ACCEPT
    29. 

  29. 

  30. # allow WhatsApp
    31. 

  31. iptables -I ${FOR_OUT_KIDS} 1 -p tcp -m multiport --dports 4244,5222,5223,5228,5242,50318,59234 -m comment --comment "TCP Whatsapp" -j ACCEPT
    32. 

  32. iptables -I ${FOR_OUT_KIDS} 1 -p udp -m multiport --dports 3478,45395,50318,59234 -m comment --comment "UDP Whatsapp" -j ACCEPT
    33. 

  33. 

  34. # redirect games
    35. 

  35. iptables -I ${FOR_OUT_KIDS} -p udp -m multiport --dports 29995:30005 -m comment --comment "Minetest" -j ${FOR_OUT_GAMES}
    36. 

  36. 

  37. # populate list
    38. 

  38. ${ACTDIR}/filter_mac.sh start
    39. 

  39. iptables -I FORWARD -m iprange --dst-range ${KIDS_IP} -m conntrack --ctstatus RELATED,ESTABLISHED -j ${FOR_IN_KIDS}
    40. 

  40. 

  41. # web access - time restriction
    42. 

  42. iptables -I ${FOR_OUT_KIDS} 1 -p tcp -m multiport --dports 80,443 -m time --timestart 08:00 --timestop 23:00 -j ACCEPT
    43. 

  43. iptables -I ${FOR_IN_KIDS} 1 -p tcp -m multiport --sports 80,443 -m time --timestart 08:00 --timestop 23:00 -j ACCEPT
    44. 

  44. 

  45. # Youtube
    46. 

  46. while read -r line; do
    47. 

  47. 	iptables -I ${FOR_IN_KIDS} -m iprange --src-range ${line} -m length --length 2048:65535 -p tcp -j ${YOUTUBE}
    48. 

  48. done < "${ACTDIR}/youtube.txt"
    49. 

  49.